Jump to content

Web Control behind a proxy not showing blocking page for https sites


Recommended Posts

11 hours ago, itman said:

My guess is if a transparent proxy was used, there would be no issues with Eset since it would be examining expected port 443 HTTPS traffic.

unfortunately wrong
The proxy runs in explicit mode on a custom port

Link to comment
Share on other sites

  • Administrators

In logs we see that the browser received a blocked page but for an unknown reason it reports an error. The case is still being investigated.

Link to comment
Share on other sites

  • ESET Staff

This is intended behavior of both Chrome and Firefox.

We serve the blocking page with HTTP/1.0 403 Blocked by ESET Security, as the immediate response to CONNECT blocked.domain.com:443 HTTP/1.1
Such response is blocked by browsers, and therefore not shown, in the case of https for security reasons, see e.g. https://bugs.chromium.org/p/chromium/issues/detail?id=137891

In order to make the browsers show the page we would need to proceed with the tunnel establishment and serve the blocking page only in there. Currently there is no ETA when this change will be done. It would be implemented in Internet protection module and therefore the clients would receive the update automatically.

Link to comment
Share on other sites

9 minutes ago, Posolsvetla said:

This is intended behavior of both Chrome and Firefox.

..and Edge, and Vivaldi...
is there a browser where it works?

 

 

15 minutes ago, Posolsvetla said:

We serve the blocking page with HTTP/1.0 403 Blocked by ESET Security, as the immediate response to CONNECT blocked.domain.com:443 HTTP/1.1
Such response is blocked by browsers, and therefore not shown, in the case of https for security reasons, see e.g. https://bugs.chromium.org/p/chromium/issues/detail?id=137891

In order to make the browsers show the page we would need to proceed with the tunnel establishment and serve the blocking page only in there

if I understand correctly, this does not work anywhere?
are we the only company using ESET and a proxy?

 

Best

Stefan

Link to comment
Share on other sites

  • ESET Staff
24 minutes ago, me myself and i said:

is there a browser where it works?

if I understand correctly, this does not work anywhere?

The source code of only Chrome and Firefox was checked. The majority, if not all, of the browsers are expected to behave similarly.

24 minutes ago, me myself and i said:

are we the only company using ESET and a proxy?

Probably not. But as it's been like this for several years already, you are the 1st (AFAIK) to actually care enough to report the issue.

Link to comment
Share on other sites

8 minutes ago, Posolsvetla said:

Probably not. But as it's been like this for several years already, you are the 1st (AFAIK) to actually care enough to report the issue.

wow.... sounds like a bonus for me *smile*
and since it is the second error (see here) there is perhaps a double bonus? *double-smile*
what are the next steps?
Will you inform me when the problem is solved?

Link to comment
Share on other sites

  • ESET Staff
9 minutes ago, me myself and i said:

what are the next steps?
Will you inform me when the problem is solved?

We will take care of the issue, but please note it might take some time as there might be more urgent work to be done.

I will sent you a PM when it's released for business users. Please do not expect it to be soon, e.g. the usual release workflow (in cases like this) lasts several weeks.

Link to comment
Share on other sites

In the Cisco WSA documentation in regards to HTTPS proxy configuration, it is stated that transparent proxy mode was provided in the instance where individual client devices are not configured to use a proxy. It was already stated in this thread that this installation does not configure  individual client devices to use a proxy. As such, I believe setting Cisco WSA HTTPS proxy to transparent mode would be the solution to this issue.

Broadcom has a short article of the difference between explicit and transparent proxies: https://knowledge.broadcom.com/external/article/166958/the-differences-between-explicit-proxy-a.html . The main thing to note in this article is how browsers behave when either proxy is used. So lets look at Firefox's default proxy setting for example:

Firefox_Proxy.thumb.png.f49b66b2816bae4837fdb0975f3595c3.png

It's using Win 10 system proxy settings by default. If a network perimeter appliance explicit proxy was set on my network and this is not set up properly in my Win 10 system settings or defined in FireFox itself, I can see how FireFox could have issues with explicit proxy network traffic.

 

Edited by itman
Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
  • 1 month later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...